From eb20a6c846373bbfba4cd80e6aef017b56409047 Mon Sep 17 00:00:00 2001 From: ailin-nemui Date: Thu, 22 Sep 2016 04:27:35 +0200 Subject: Merge pull request #548 from ailin-nemui/buf-fix sync buf.pl --- scripts/buf.pl | 42 ++++++++++++++++++++++++++++-------------- 1 file changed, 28 insertions(+), 14 deletions(-) diff --git a/scripts/buf.pl b/scripts/buf.pl index da50e821..6d907f12 100644 --- a/scripts/buf.pl +++ b/scripts/buf.pl @@ -5,7 +5,7 @@ use Irssi qw(command signal_add signal_add_first active_win settings_get_str settings_get_bool channels windows settings_add_str settings_add_bool get_irssi_dir window_find_refnum signal_stop); -$VERSION = '2.13'; +$VERSION = '2.20'; %IRSSI = ( authors => 'Juerd', contact => 'juerd@juerd.nl', @@ -13,10 +13,8 @@ $VERSION = '2.13'; description => 'Saves the buffer for /upgrade, so that no information is lost', license => 'Public Domain', url => 'http://juerd.nl/irssi/', - changed => 'Mon May 13 19:41 CET 2002', - changes => 'Severe formatting bug removed * oops, I ' . - 'exposed Irssi to ircII foolishness * sorry ' . - '** removed logging stuff (this is a fix)', + changed => 'Thu Sep 22 01:37 CEST 2016', + changes => 'Fixed file permissions (leaked everything via filesystem)', note1 => 'This script HAS TO BE in your scripts/autorun!', note2 => 'Perl support must be static or in startup', ); @@ -39,9 +37,15 @@ use Data::Dumper; my %suppress; +sub _filename { sprintf '%s/scrollbuffer', get_irssi_dir } + sub upgrade { - open BUF, q{>}, sprintf('%s/scrollbuffer', get_irssi_dir) or die $!; - print BUF join("\0", map $_->{server}->{address} . $_->{name}, channels), "\n"; + my $fn = _filename; + my $old_umask = umask 0077; + open my $fh, q{>}, $fn or die "open $fn: $!"; + umask $old_umask; + + print $fh join("\0", map $_->{server}->{address} . $_->{name}, channels), "\n"; for my $window (windows) { next unless defined $window; next if $window->{name} eq 'status'; 
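Review bot: In `upgrade`, `umask 0077` only constrains the mode of a newly created file, so if `scrollbuffer` already exists with wider permissions (for example one left by an older version of the script), `open my $fh, q{>}, $fn` truncates it and keeps the old mode. The load-time cleanup added in the last hunk of this file removes leftovers in the usual case, but `upgrade` itself does not guarantee it; an `unlink $fn;` before the `open`, or `chmod 0600, $fh or die "chmod $fn: $!";` right after it, would. When `open` fails, the `die` also skips `umask $old_umask;`, so the restrictive umask presumably stays in effect for the rest of the irssi process; capturing the result first (`my $ok = open my $fh, q{>}, $fn; my $err = $!; umask $old_umask;` then `die "open $fn: $err" unless $ok;`) avoids that. The body of `upgrade` continues outside this hunk.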
@@ -57,36 +61,39 @@ sub upgrade { redo if defined $line; } } - printf BUF "%s:%s\n%s", $window->{refnum}, $lines, $buf; + printf $fh "%s:%s\n%s", $window->{refnum}, $lines, $buf; } - close BUF; + close $fh; unlink sprintf("%s/sessionconfig", get_irssi_dir); command 'layout save'; command 'save'; } sub restore { - open BUF, q{<}, sprintf('%s/scrollbuffer', get_irssi_dir) or die $!; - my @suppress = split /\0/, ; + my $fn = _filename; + open my $fh, q{<}, $fn or die "open $fn: $!"; + unlink $fn or warn "unlink $fn: $!"; + + my @suppress = split /\0/, readline $fh; if (settings_get_bool 'upgrade_suppress_join') { chomp $suppress[-1]; @suppress{@suppress} = (2) x @suppress; } active_win->command('^window scroll off'); - while (my $bla = ){ + while (my $bla = readline $fh){ chomp $bla; my ($refnum, $lines) = split /:/, $bla; next unless $lines; my $window = window_find_refnum $refnum; unless (defined $window){ - for 1..$lines; + readline $fh for 1..$lines; next; } my $view = $window->view; $view->remove_all_lines(); $view->redraw(); my $buf = ''; - $buf .= for 1..$lines; + $buf .= readline $fh for 1..$lines; my $sep = settings_get_str 'upgrade_separator'; $sep .= "\n" if $sep ne ''; $window->gui_printtext_after(undef, MSGLEVEL_CLIENTNOTICE, "$buf\cO$sep"); @@ -119,3 +126,10 @@ signal_add 'event join' => 'suppress'; unless (-f sprintf('%s/scripts/autorun/buf.pl', get_irssi_dir)) { Irssi::print('PUT THIS SCRIPT IN ~/.irssi/scripts/autorun/ BEFORE /UPGRADING!!'); } + +# Remove any left-over file. If 'session' doesn't exist (created by irssi +# during /UPGRADE), neither should our file. +unless (-e sprintf('%s/session', get_irssi_dir)) { + my $fn = _filename; + unlink $fn or warn "unlink $fn: $!" if -e $fn; +} -- cgit v1.2.3 From 6c6c42e3d1b49d90aacc0b67f8540471cae02a1d Mon Sep 17 00:00:00 2001 
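Review bot: `close $fh;` at the end of `upgrade` is unchecked, as is the `printf $fh` before it, so a write error (full disk, quota) leaves a truncated `scrollbuffer` while the code goes on to `unlink` `sessionconfig` and run `layout save`. Buffered write errors surface at close, so `close $fh or die "close $fn: $!";` would catch them. In `restore`, `readline $fh` returns undef on an empty or short file, and that value reaches `split /\0/` and `$buf .=`; checking `defined` on the first read and returning early would keep a damaged file from producing warnings and a half-restored buffer, which matters more now that the file is unlinked as soon as it is opened. `upgrade` begins before this hunk.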
From: ailin-nemui Date: Tue, 3 Jan 2017 13:44:58 +0100 Subject: Merge branch 'security' into 'master' See merge request !7 --- src/fe-common/core/formats.c | 10 +++++++++- src/fe-text/term-terminfo.c | 13 ++++++++++--- src/irc/core/irc-nicklist.c | 6 +++++- src/irc/core/irc-queries.c | 2 ++ 4 files changed, 26 insertions(+), 5 deletions(-) diff --git a/src/fe-common/core/formats.c b/src/fe-common/core/formats.c index d9a51201..738239a6 100644 --- a/src/fe-common/core/formats.c +++ b/src/fe-common/core/formats.c @@ -68,7 +68,7 @@ static void format_expand_code(const char **format, GString *out, int *flags) if (flags == NULL) { /* flags are being ignored - skip the code */ - while (**format != ']') + while (**format != ']' && **format != '\0') (*format)++; return; } @@ -246,6 +246,10 @@ int format_expand_styles(GString *out, const char **format, int *flags) case '[': /* code */ format_expand_code(format, out, flags); + if ((*format)[0] == '\0') + /* oops, reached end prematurely */ + (*format)--; + break; case 'x': case 'X': @@ -972,6 +976,7 @@ static const char *get_ansi_color(THEME_REC *theme, const char *str, str++; for (num2 = 0; i_isdigit(*str); str++) num2 = num2*10 + (*str-'0'); + if (*str == '\0') return start; switch (num2) { case 2: @@ -989,6 +994,8 @@ static const char *get_ansi_color(THEME_REC *theme, const char *str, for (; i_isdigit(*str); str++) num2 = (num2&~0xff) | (((num2&0xff) * 10 + (*str-'0'))&0xff); + + if (*str == '\0') return start; } if (i == -1) break; @@ -1017,6 +1024,7 @@ static const char *get_ansi_color(THEME_REC *theme, const char *str, str++; for (num2 = 0; i_isdigit(*str); str++) num2 = num2*10 + (*str-'0'); + if (*str == '\0') return start; if (num == 38) { flags &= ~GUI_PRINT_FLAG_COLOR_24_FG; diff --git a/src/fe-text/term-terminfo.c b/src/fe-text/term-terminfo.c index 27be904e..8fac76b3 100644 --- a/src/fe-text/term-terminfo.c +++ b/src/fe-text/term-terminfo.c 
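Review bot: The `(*format)--` added after `format_expand_code()` in the `case '['` branch of `format_expand_styles` does not say why stepping back is correct; the comment only notes that the end was reached. It presumably relies on the caller advancing `*format` by one after this function returns, so that the pointer ends up on the NUL instead of past it, but that caller is outside the hunk. I would spell it out, e.g. `/* step back one so the caller's increment lands on '\0', not past it */`, and put braces around the `if` body since it is a comment plus a statement. The end-of-string case inside `format_expand_code` is handled only on the `flags == NULL` path in the first hunk; the non-NULL path is not visible here and is worth checking for the same unbounded scan.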
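Review bot: The digit loops in `get_ansi_color` that the three new `if (*str == '\0') return start;` checks follow still accumulate without a bound: `num2 = num2*10 + (*str-'0')` overflows on a long run of digits, which is undefined behaviour if `num2` is a signed int (its declaration is outside the hunks), and the digits come from the escape sequence being parsed. Returning `start` from inside the loop once `num2` exceeds the largest value the following `switch` accepts would close that. The same applies to the loops at new lines 976 and 1024; the masked loop at 994 is already bounded by its `&0xff`. The three identical checks could also become one small static helper so a future loop does not forget it.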
@@ -539,9 +539,16 @@ int term_addstr(TERM_WINDOW *window, const char *str) if (term_type == TERM_TYPE_UTF8) { while (*ptr != '\0') { - tmp = g_utf8_get_char(ptr); - len += unichar_isprint(tmp) ? mk_wcwidth(tmp) : 1; - ptr = g_utf8_next_char(ptr); + tmp = g_utf8_get_char_validated(ptr, -1); + /* On utf8 error, treat as single byte and try to + continue interpretting rest of string as utf8 */ + if (tmp == (gunichar)-1 || tmp == (gunichar)-2) { + len++; + ptr++; + } else { + len += unichar_isprint(tmp) ? mk_wcwidth(tmp) : 1; + ptr = g_utf8_next_char(ptr); + } } } else len = raw_len; diff --git a/src/irc/core/irc-nicklist.c b/src/irc/core/irc-nicklist.c index bcb9d1f6..f049fe79 100644 --- a/src/irc/core/irc-nicklist.c +++ b/src/irc/core/irc-nicklist.c @@ -314,7 +314,11 @@ static void event_whois_ircop(SERVER_REC *server, const char *data) static void event_nick_invalid(IRC_SERVER_REC *server, const char *data) { if (!server->connected) - server_disconnect((SERVER_REC *) server); + /* we used to call server_disconnect but that crashes + irssi because of undefined memory access. instead, + indicate that the connection should be dropped and + let the irc method to the clean-up. */ + server->connection_lost = server->no_reconnect = TRUE; } static void event_nick_in_use(IRC_SERVER_REC *server, const char *data) diff --git a/src/irc/core/irc-queries.c b/src/irc/core/irc-queries.c index 12861744..77a5289d 100644 --- a/src/irc/core/irc-queries.c +++ b/src/irc/core/irc-queries.c @@ -45,6 +45,8 @@ QUERY_REC *irc_query_find(IRC_SERVER_REC *server, const char *nick) { GSList *tmp; + g_return_val_if_fail(nick != NULL, NULL); + for (tmp = server->queries; tmp != NULL; tmp = tmp->next) { QUERY_REC *rec = tmp->data; -- cgit v1.2.3 From 7cac354161a8914712264408347a9a2882aab22f Mon Sep 17 00:00:00 2001 From: ailin-nemui Date: Tue, 3 Jan 2017 14:24:55 +0100 Subject: tag as 0.8.21 --- NEWS | 9 +++++++++ configure.ac | 2 +- 2 files changed, 10 insertions(+), 1 deletion(-) 
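Review bot: The comparison against `(gunichar)-1` and `(gunichar)-2` in `term_addstr` uses GLib's two error returns without naming them; a short comment such as `/* -1: invalid sequence, -2: sequence cut off by the end of the string */` would make the branch readable without the GLib manual. A bad byte is counted here as one column; whether the code that later draws the string (outside this hunk) also emits exactly one cell for such a byte is not visible, and the two need to agree or the cursor position will drift. `term_addstr` starts and ends outside the hunk.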
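Review bot: In `event_nick_invalid`, `if (!server->connected)` now guards a multi-line comment followed by a single assignment with no braces, which is easy to break when a second statement is added; wrapping the comment and `server->connection_lost = server->no_reconnect = TRUE;` in `{ ... }` would be safer. The comment says the clean-up is left to other code, but nothing in the hunk shows where `connection_lost` is acted on, so naming that function in the comment would help the next reader confirm the connection really is torn down. Setting `no_reconnect` may also change reconnect behaviour compared with the old `server_disconnect()` call; if that is intended, the comment should say so.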
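Review bot: `g_return_val_if_fail(nick != NULL, NULL);` in `irc_query_find` is a programmer-error assertion rather than input validation: it logs a critical message on every hit, aborts when criticals are made fatal, and is compiled out under `G_DISABLE_CHECKS`. If a NULL `nick` can result from data sent by the server, as the NEWS entry about a NULL pointer dereference may indicate, a plain `if (nick == NULL) return NULL;` is the more robust guard, ideally with the caller that produced the NULL fixed as well (that caller is not part of this diff). `server` is dereferenced on the following `for` line without a similar check.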
diff --git a/NEWS b/NEWS index 265827b3..34bb76a3 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,12 @@ +v0.8.21 2017-01-03 The Irssi team + - Correct a NULL pointer dereference in the nickcmp function found by + Joseph Bisch (GL#1) + - Correct an out of bounds read in certain incomplete control codes + found by Joseph Bisch (GL#2) + - Correct an out of bounds read in certain incomplete character + sequences found by Hanno Böck and independently by J. Bisch (GL#3) + - Correct an error when receiving invalid nick message (GL#4, #466) + v0.8.20 2016-09-16 The Irssi team - Correct the name of an emitted sasl signal (#484) - Correct the prototype for the 'message private' signal (#515) diff --git a/configure.ac b/configure.ac index 458c8aa9..59f5ce57 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -AC_INIT(irssi, 0.8.20) +AC_INIT(irssi, 0.8.21) AC_CONFIG_SRCDIR([src]) AC_CONFIG_AUX_DIR(build-aux) AC_PREREQ(2.50) -- cgit v1.2.3